Facebook is encouraging its users and security researchers to find bugs in its service, and so far it has paid out more than $40,000 for them. Send Facebook any vulnerabilities you find; if the report checks out, Facebook will pay you a bounty of at least $500.

The minimum amount paid for a bug is $500, up to a maximum of $5000 for the most serious loopholes, said Mr Sullivan, Facebook's Chief Security Officer. The maximum bounty has already been paid once, he said.

Facebook already has a team of security researchers helping it improve user privacy and security. The bounty scheme was started to harden Facebook against attack.

Mr Sullivan wrote in a Facebook note, "We realize, though, that there are many talented and well-intentioned security experts around the world who don't work for Facebook. We established this bug bounty program in an effort to recognize and reward these individuals for their good work and encourage others to join."
"The program has also been great because it has made our site more secure," he added.

Security Bug Bounty

Facebook's Security Bug Bounty page describes the eligibility criteria and the reward system. Third-party applications or websites that are integrated with Facebook are not considered for the bounty.

You must first create a test account and use it instead of a real account when investigating security vulnerabilities. Test accounts also come with certain limitations.